appypod-rattail/gen/wrappers/UserWrapper.py

# ------------------------------------------------------------------------------
from appy.gen.wrappers import AbstractWrapper

# ------------------------------------------------------------------------------
class UserWrapper(AbstractWrapper):

    def showLogin(self):
        '''When must we show the login field?'''
        if self.o.isTemporary(): return 'edit'
        return 'view'

    def showName(self):
        '''Name and first name, by default, are always shown.'''
        return True

    def showEmail(self):
        '''In most cases, email is the login. Show the field only if it is not
           the case.'''
        email = self.email
        return email and (email != self.login)

    def showRoles(self):
        '''Only the admin can view or edit roles.'''
        return self.user.has_role('Manager')

    def validateLogin(self, login):
        '''Is this p_login valid?'''
        # The login can't be the id of the whole site or "admin"
        if login == 'admin':
            return 'This username is reserved.' # XXX Translate
        # Check that no user or group already uses this login.
        if self.count('User', login=login) or self.count('Group', login=login):
            return 'This login is already in use.' # XXX Translate
        return True

    def validatePassword(self, password):
        '''Is this p_password valid?'''
        # Password must be at least 5 chars length
        if len(password) < 5:
            return 'Passwords must contain at least 5 letters.' # XXX Translate
        return True

    def showPassword(self):
        '''When must we show the 2 fields for entering a password ?'''
        # When someone creates the user
        if self.o.isTemporary(): return 'edit'
        # When the user itself (which is Owner of the object representing him)
        # wants to edit information about himself.
        if self.user.has_role('Owner', self): return 'edit'

    def getGrantableRoles(self):
        '''Returns the list of roles that the admin can grant to a user.'''
        res = []
        for role in self.o.getProductConfig().grantableRoles:
            res.append( (role, self.translate('role_%s' % role)) )
        return res

    def validate(self, new, errors):
        '''Inter-field validation.'''
        page = self.request.get('page', 'main')
        if page == 'main':
            if hasattr(new, 'password1') and (new.password1 != new.password2):
                # XXX Translate
                msg = 'Passwords do not match.'
                errors.password1 = msg
                errors.password2 = msg
        return self._callCustom('validate', new, errors)

    def onEdit(self, created):
        self.title = self.firstName + ' ' + self.name
        aclUsers = self.o.acl_users
        login = self.login
        if created:
            # Create the corresponding Zope user
            aclUsers._doAddUser(login, self.password1, self.roles, ())
            zopeUser = aclUsers.getUser(login)
            # Remove our own password copies
            self.password1 = self.password2 = ''
            from persistent.mapping import PersistentMapping
            # The following dict will store, for every group, global roles
            # granted to it.
            zopeUser.groups = PersistentMapping()
        else:
            # Update roles at the Zope level.
            zopeUser = aclUsers.getUserById(login)
            zopeUser.roles = self.roles
            # Update the password if the user has entered new ones.
            rq = self.request
            if rq.has_key('password1'):
                zopeUser.__ = aclUsers._encryptPassword(rq['password1'])
                # Update the cookie value
                self.tool.o._updateCookie(login, rq['password1'])
            self.password1 = self.password2 = ''
        # "self" must be owned by its Zope user.
        if 'Owner' not in self.o.get_local_roles_for_userid(login):
            self.o.manage_addLocalRoles(login, ('Owner',))
        # If the user was created by an Anonymous, Anonymous can't stay Owner
        # of the object.
        if None in self.o.__ac_local_roles__:
            del self.o.__ac_local_roles__[None]
        return self._callCustom('onEdit', created)

    def getZopeUser(self):
        '''Gets the Zope user corresponding to this user.'''
        return self.o.acl_users.getUser(self.login)

    def onDelete(self):
        '''Before deleting myself, I must delete the corresponding Zope user.'''
        self.o.acl_users._doDelUsers([self.login])
        self.log('User "%s" deleted.' % self.login)
        # Call a custom "onDelete" if any.
        return self._callCustom('onDelete')

# ------------------------------------------------------------------------------
try:
    from AccessControl.PermissionRole import _what_not_even_god_should_do, \
                                             rolesForPermissionOn
    from Acquisition import aq_base
except ImportError:
    pass # For those using Appy without Zope

class ZopeUserPatches:
    '''This class is a fake one that defines Appy variants of some of Zope's
       AccessControl.User methods. The idea is to implement the notion of group
       of users.'''

    def getRoles(self):
        '''Returns the global roles that this user (or any of its groups)
           possesses.'''
        res = list(self.roles)
        # Add group global roles
        if not hasattr(aq_base(self), 'groups'): return res
        for roles in self.groups.itervalues():
            for role in roles:
                if role not in res: res.append(role)
        return res

    def getRolesInContext(self, object):
        '''Return the list of global and local (to p_object) roles granted to
           this user (or to any of its groups).'''
        if isinstance(object, AbstractWrapper): object = object.o
        object = getattr(object, 'aq_inner', object)
        # Start with user global roles
        res = self.getRoles()
        # Add local roles
        localRoles = getattr(object, '__ac_local_roles__', None)
        if not localRoles: return res
        userId = self.getId()
        groups = getattr(self, 'groups', ())
        for id, roles in localRoles.iteritems():
            if (id != userId) and (id not in groups): continue
            for role in roles:
                if role not in res: res.append(role)
        return res

    def allowed(self, object, object_roles=None):
        '''Checks whether the user has access to p_object. The user (or one of
           its groups) must have one of the roles in p_object_roles.'''
        if object_roles is _what_not_even_god_should_do: return 0
        # If "Anonymous" is among p_object_roles, grant access.
        if (object_roles is None) or ('Anonymous' in object_roles): return 1
        # If "Authenticated" is among p_object_roles, grant access if the user
        # is not anonymous.
        if 'Authenticated' in object_roles and \
           (self.getUserName() != 'Anonymous User'):
            if self._check_context(object): return 1
        # Try first to grant access based on global user roles
        for role in self.getRoles():
            if role not in object_roles: continue
            if self._check_context(object): return 1
            return
        # Try then to grant access based on local roles
        innerObject = getattr(object, 'aq_inner', object)
        localRoles = getattr(innerObject, '__ac_local_roles__', None)
        if not localRoles: return
        userId = self.getId()
        groups = getattr(self, 'groups', ())
        for id, roles in localRoles.iteritems():
            if (id != userId) and (id not in groups): continue
            for role in roles:
                if role not in object_roles: continue
                if self._check_context(object): return 1
                return

    try:
        from AccessControl.User import SimpleUser
        SimpleUser.getRoles = getRoles
        SimpleUser.getRolesInContext = getRolesInContext
        SimpleUser.allowed = allowed
    except ImportError:
        pass
# ------------------------------------------------------------------------------
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00			`# ------------------------------------------------------------------------------`
appy.gen: Refactoring due to De-Plonization. 2011-12-05 08:11:29 -06:00			`from appy.gen.wrappers import AbstractWrapper`
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00
			`# ------------------------------------------------------------------------------`
			`class UserWrapper(AbstractWrapper):`
Eradicated Flavour and PodTemplate classes (for the latter, use Pod fields instead); Added a code analyser; Groups can now be slaves in master/slaves relationships; Refs have more params (show a confirmation popup before adding an object, add an object without creation form); Code for Refs has been refactored to comply with the new way to organize Types; Added a WebDAV client library. 2010-10-14 07:43:56 -05:00
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00			`def showLogin(self):`
			`'''When must we show the login field?'''`
			`if self.o.isTemporary(): return 'edit'`
			`return 'view'`

appy.gen: bugfixes. 2012-03-03 16:29:32 -06:00			`def showName(self):`
			`'''Name and first name, by default, are always shown.'''`
			`return True`

appy.gen: improvements in user management. 2012-02-21 05:09:42 -06:00			`def showEmail(self):`
			`'''In most cases, email is the login. Show the field only if it is not`
			`the case.'''`
			`email = self.email`
			`return email and (email != self.login)`

			`def showRoles(self):`
			`'''Only the admin can view or edit roles.'''`
			`return self.user.has_role('Manager')`

Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00			`def validateLogin(self, login):`
			`'''Is this p_login valid?'''`
			`# The login can't be the id of the whole site or "admin"`
appy.gen: Ploneless version. 2011-11-28 15:50:01 -06:00			`if login == 'admin':`
appy.gen: solved a tricky encoding problem. 2011-12-08 09:01:57 -06:00			`return 'This username is reserved.' # XXX Translate`
appy.gen: Ploneless version. 2011-11-28 15:50:01 -06:00			`# Check that no user or group already uses this login.`
			`if self.count('User', login=login) or self.count('Group', login=login):`
appy.gen: solved a tricky encoding problem. 2011-12-08 09:01:57 -06:00			`return 'This login is already in use.' # XXX Translate`
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00			`return True`

			`def validatePassword(self, password):`
			`'''Is this p_password valid?'''`
			`# Password must be at least 5 chars length`
			`if len(password) < 5:`
appy.gen: solved a tricky encoding problem. 2011-12-08 09:01:57 -06:00			`return 'Passwords must contain at least 5 letters.' # XXX Translate`
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00			`return True`

			`def showPassword(self):`
			`'''When must we show the 2 fields for entering a password ?'''`
appy.gen: improvements in user management. 2012-02-21 05:09:42 -06:00			`# When someone creates the user`
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00			`if self.o.isTemporary(): return 'edit'`
appy.gen: improvements in user management. 2012-02-21 05:09:42 -06:00			`# When the user itself (which is Owner of the object representing him)`
			`# wants to edit information about himself.`
			`if self.user.has_role('Owner', self): return 'edit'`
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00
			`def getGrantableRoles(self):`
			`'''Returns the list of roles that the admin can grant to a user.'''`
			`res = []`
			`for role in self.o.getProductConfig().grantableRoles:`
			`res.append( (role, self.translate('role_%s' % role)) )`
			`return res`

			`def validate(self, new, errors):`
			`'''Inter-field validation.'''`
			`page = self.request.get('page', 'main')`
			`if page == 'main':`
			`if hasattr(new, 'password1') and (new.password1 != new.password2):`
appy.gen: solved a tricky encoding problem. 2011-12-08 09:01:57 -06:00			`# XXX Translate`
			`msg = 'Passwords do not match.'`
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00			`errors.password1 = msg`
			`errors.password2 = msg`
Added the possibility to customize the global message when validation fails. 2011-02-06 10:39:36 -06:00			`return self._callCustom('validate', new, errors)`
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00
			`def onEdit(self, created):`
			`self.title = self.firstName + ' ' + self.name`
appy.gen: first Ploneless version. 2011-11-25 11:01:20 -06:00			`aclUsers = self.o.acl_users`
			`login = self.login`
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00			`if created:`
appy.gen: first Ploneless version. 2011-11-25 11:01:20 -06:00			`# Create the corresponding Zope user`
			`aclUsers._doAddUser(login, self.password1, self.roles, ())`
appy.gen: Ploneless version. 2011-11-28 15:50:01 -06:00			`zopeUser = aclUsers.getUser(login)`
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00			`# Remove our own password copies`
			`self.password1 = self.password2 = ''`
appy.gen: Ploneless version. 2011-11-28 15:50:01 -06:00			`from persistent.mapping import PersistentMapping`
			`# The following dict will store, for every group, global roles`
			`# granted to it.`
			`zopeUser.groups = PersistentMapping()`
			`else:`
appy.gen: improvements in user management. 2012-02-21 05:09:42 -06:00			`# Update roles at the Zope level.`
appy.gen: Ploneless version. 2011-11-28 15:50:01 -06:00			`zopeUser = aclUsers.getUserById(login)`
			`zopeUser.roles = self.roles`
appy.gen: improvements in user management. 2012-02-21 05:09:42 -06:00			`# Update the password if the user has entered new ones.`
			`rq = self.request`
			`if rq.has_key('password1'):`
			`zopeUser.__ = aclUsers._encryptPassword(rq['password1'])`
			`# Update the cookie value`
			`self.tool.o._updateCookie(login, rq['password1'])`
			`self.password1 = self.password2 = ''`
appy.gen: added new format 'captcha' for a String. 2012-02-16 11:13:51 -06:00			`# "self" must be owned by its Zope user.`
appy.gen: first Ploneless version. 2011-11-25 11:01:20 -06:00			`if 'Owner' not in self.o.get_local_roles_for_userid(login):`
			`self.o.manage_addLocalRoles(login, ('Owner',))`
appy.gen: added new format 'captcha' for a String. 2012-02-16 11:13:51 -06:00			`# If the user was created by an Anonymous, Anonymous can't stay Owner`
			`# of the object.`
			`if None in self.o.__ac_local_roles__:`
			`del self.o.__ac_local_roles__[None]`
Added the possibility to customize the global message when validation fails. 2011-02-06 10:39:36 -06:00			`return self._callCustom('onEdit', created)`
Added script eggify.py for wrapping a Python module into an egg, and plenty of minor improvements and refactorings. 2010-11-26 10:30:46 -06:00
appy.gen: Ploneless version. 2011-11-28 15:50:01 -06:00			`def getZopeUser(self):`
			`'''Gets the Zope user corresponding to this user.'''`
			`return self.o.acl_users.getUser(self.login)`

Added script eggify.py for wrapping a Python module into an egg, and plenty of minor improvements and refactorings. 2010-11-26 10:30:46 -06:00			`def onDelete(self):`
appy.gen: Ploneless version. 2011-11-28 15:50:01 -06:00			`'''Before deleting myself, I must delete the corresponding Zope user.'''`
			`self.o.acl_users._doDelUsers([self.login])`
			`self.log('User "%s" deleted.' % self.login)`
Added script eggify.py for wrapping a Python module into an egg, and plenty of minor improvements and refactorings. 2010-11-26 10:30:46 -06:00			`# Call a custom "onDelete" if any.`
Added the possibility to customize the global message when validation fails. 2011-02-06 10:39:36 -06:00			`return self._callCustom('onDelete')`
appy.gen: Ploneless version. 2011-11-28 15:50:01 -06:00
			`# ------------------------------------------------------------------------------`
			`try:`
			`from AccessControl.PermissionRole import _what_not_even_god_should_do, \`
			`rolesForPermissionOn`
			`from Acquisition import aq_base`
			`except ImportError:`
			`pass # For those using Appy without Zope`

			`class ZopeUserPatches:`
			`'''This class is a fake one that defines Appy variants of some of Zope's`
			`AccessControl.User methods. The idea is to implement the notion of group`
			`of users.'''`

			`def getRoles(self):`
			`'''Returns the global roles that this user (or any of its groups)`
			`possesses.'''`
			`res = list(self.roles)`
			`# Add group global roles`
			`if not hasattr(aq_base(self), 'groups'): return res`
			`for roles in self.groups.itervalues():`
			`for role in roles:`
			`if role not in res: res.append(role)`
			`return res`

			`def getRolesInContext(self, object):`
			`'''Return the list of global and local (to p_object) roles granted to`
			`this user (or to any of its groups).'''`
appy.shared: improved deployment of a Appy app (creation of a Zope instance is no more required; corresponding folders are created in standard unix locations: /etc for the config file, /var/log for logs, /var/lib for the database, /usr/bin for scripts that start and stop the instance). appy.gen: first draft of a migration script that allows to migrate data from Plone-dependent Appy apps (<= 0.7.1) to Ploneless Appy 0.8.0. 2012-02-02 10:30:54 -06:00			`if isinstance(object, AbstractWrapper): object = object.o`
appy.gen: Ploneless version. 2011-11-28 15:50:01 -06:00			`object = getattr(object, 'aq_inner', object)`
			`# Start with user global roles`
			`res = self.getRoles()`
			`# Add local roles`
			`localRoles = getattr(object, '__ac_local_roles__', None)`
			`if not localRoles: return res`
			`userId = self.getId()`
			`groups = getattr(self, 'groups', ())`
			`for id, roles in localRoles.iteritems():`
			`if (id != userId) and (id not in groups): continue`
appy.shared: improved deployment of a Appy app (creation of a Zope instance is no more required; corresponding folders are created in standard unix locations: /etc for the config file, /var/log for logs, /var/lib for the database, /usr/bin for scripts that start and stop the instance). appy.gen: first draft of a migration script that allows to migrate data from Plone-dependent Appy apps (<= 0.7.1) to Ploneless Appy 0.8.0. 2012-02-02 10:30:54 -06:00			`for role in roles:`
			`if role not in res: res.append(role)`
appy.gen: Ploneless version. 2011-11-28 15:50:01 -06:00			`return res`

			`def allowed(self, object, object_roles=None):`
			`'''Checks whether the user has access to p_object. The user (or one of`
			`its groups) must have one of the roles in p_object_roles.'''`
			`if object_roles is _what_not_even_god_should_do: return 0`
			`# If "Anonymous" is among p_object_roles, grant access.`
			`if (object_roles is None) or ('Anonymous' in object_roles): return 1`
			`# If "Authenticated" is among p_object_roles, grant access if the user`
			`# is not anonymous.`
			`if 'Authenticated' in object_roles and \`
			`(self.getUserName() != 'Anonymous User'):`
			`if self._check_context(object): return 1`
			`# Try first to grant access based on global user roles`
			`for role in self.getRoles():`
			`if role not in object_roles: continue`
			`if self._check_context(object): return 1`
			`return`
			`# Try then to grant access based on local roles`
			`innerObject = getattr(object, 'aq_inner', object)`
			`localRoles = getattr(innerObject, '__ac_local_roles__', None)`
			`if not localRoles: return`
			`userId = self.getId()`
			`groups = getattr(self, 'groups', ())`
			`for id, roles in localRoles.iteritems():`
			`if (id != userId) and (id not in groups): continue`
			`for role in roles:`
			`if role not in object_roles: continue`
			`if self._check_context(object): return 1`
			`return`

appy.gen: bugfixes. 2012-03-03 16:29:32 -06:00			`try:`
			`from AccessControl.User import SimpleUser`
			`SimpleUser.getRoles = getRoles`
			`SimpleUser.getRolesInContext = getRolesInContext`
			`SimpleUser.allowed = allowed`
			`except ImportError:`
			`pass`
Bugfix in new.py; added new user management. 2010-09-02 09:16:08 -05:00			`# ------------------------------------------------------------------------------`